This is How Not to Get Owned by a Targeted Cyber Attack


Is your company ready for a targeted cyber attack? If not, you probably should be. According to a recent study by Accenture, companies reported more than twice as many targeted attacks on their networks this year as they did the year before.

Targeted cyber attacks are higher risk and higher reward for attackers than opportunistic attacks. They involve a narrow focus on a particular company, penetration of that company’s network, and persistence with the intent to remain undetected for as long as possible. Attackers’ primary motivations are usually financial, and the goal is to steal information.

Targeted attacks, as opposed to opportunistic ones, take careful thought, preparation and planning by the perpetrators. They’ll find out which defenses you have in place, and then they’ll attempt to get around them. Given enough time and persistence, they will get around them: it takes just one unsuspecting employee clicking a phishing link, or one outdated, vulnerable, Internet-exposed system on your network being exploited.

Detecting a targeted attack is difficult, especially because the perpetrators’ goal is to “fly under the radar.” According to the 2018 Verizon Data Breach Investigations Report, 68% of breaches take months or longer to discover. Attackers use tools that are native to your environment (legitimate administration utilities already present on your systems, so their mere execution looks normal), and they avoid noisy tactics that might set off alarms.

So how does a company detect a targeted attack? The conventional answer is to deploy monitoring solutions that log the events taking place on endpoints and in the network. The collected events can then be sifted through, and anomalous ones flagged and raised as alerts.

But there’s more. As any security analyst knows, such monitoring solutions capture hundreds of millions of events per month, which are filtered down to hundreds of thousands of alerts – if you call that filtering. That’s far too many alerts for security teams to handle. And too many of these alerts turn out to be false positives – seemingly anomalous events, once investigated, are found to be harmless. The Ponemon Institute estimates that almost half of all security alerts are false alarms. Like a haystack with a needle deep inside, these false alarms bury the real incidents that actually matter.

So then, how does a company really detect a targeted attack? The real answer is to use a detection and response solution that not only picks up on suspicious events, but does the background work to investigate the context of the events using machine learning and behavioral analysis. Placing each event in proper context, the automated system can filter out the false positives ahead of time, instead of threat analysts having to waste valuable time doing so.

The result is that security teams get a much shorter list of confirmed incidents to respond to, rather than an endless list of false positives and inconsequentials to sift through and investigate.
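The difference between flagging events and placing them in context can be shown with a small triage routine. The following is an added example written for this page, not F-Secure’s product logic or anything from the infographic: the process-start records, the tool and parent-process lists, the suspicious command-line fragments and the scoring weights are all constructed assumptions chosen to illustrate the mechanism, not a tuned detection rule. A naive rule alerts on every launch of a native admin tool; a contextual rule scores the same event against who launched it, what launched it, and with which arguments.

```python
"""Context-aware triage of process-creation events (illustrative example).

SAMPLE_EVENTS is constructed telemetry, not real logs: each record is a
process start roughly as an endpoint sensor would report it.
"""
from dataclasses import dataclass

# Native tools attackers favour because their presence is normal everywhere
# ("living off the land"). Lower-case image names; list is an assumption.
NATIVE_TOOLS = {"powershell.exe", "cmd.exe", "wmic.exe", "rundll32.exe", "certutil.exe"}

# Parents that should almost never spawn a shell: a document reader or mail
# client launching PowerShell is the classic phishing-click pattern.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Command-line fragments suggesting encoding, download or hiding.
# "-enc" also matches "-encodedcommand", so the long form is not listed twice.
SUSPICIOUS_ARGS = ("-enc", "downloadstring", "-w hidden", "-windowstyle hidden", "urlcache", "bypass")


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    image: str          # process image name, lower-case
    parent: str         # parent process image name, lower-case
    cmdline: str
    interactive: bool   # launched from an interactive desktop session?


def naive_alerts(events):
    """Conventional rule: alert whenever a native admin tool starts."""
    return [e for e in events if e.image in NATIVE_TOOLS]


def context_score(e):
    """Score one event by its context, not just the image name. Weights are assumptions."""
    if e.image not in NATIVE_TOOLS:
        return 0
    score = 0
    if e.parent in DOCUMENT_PARENTS:
        score += 3                      # shell spawned by a document or mail client
    cmd = e.cmdline.lower()
    score += sum(1 for frag in SUSPICIOUS_ARGS if frag in cmd)
    if not e.interactive and e.user.startswith("svc_"):
        score -= 2                      # scheduled/service automation: expected noise
    return max(score, 0)


def contextual_alerts(events, threshold=3):
    """Alert only on events whose context pushes them over the threshold."""
    return [e for e in events if context_score(e) >= threshold]


def triage_summary(events):
    """Return how many alerts each approach would hand to an analyst."""
    return {"naive": len(naive_alerts(events)), "contextual": len(contextual_alerts(events))}


# Constructed sample: six benign native-tool launches plus one phishing-style chain.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "alice", "powershell.exe", "explorer.exe", "powershell.exe", True),
    ProcessEvent("ws02", "bob", "cmd.exe", "explorer.exe", "cmd.exe /c dir", True),
    ProcessEvent("srv01", "svc_backup", "powershell.exe", "svchost.exe",
                 r"powershell.exe -NoProfile -File C:\scripts\backup.ps1 -WindowStyle Hidden", False),
    ProcessEvent("srv02", "svc_inventory", "wmic.exe", "svchost.exe", "wmic.exe os get caption", False),
    ProcessEvent("ws03", "carol", "chrome.exe", "explorer.exe", "chrome.exe", True),
    ProcessEvent("ws04", "dave", "powershell.exe", "winword.exe",
                 "powershell.exe -w hidden -nop -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", True),
    ProcessEvent("ws05", "erin", "rundll32.exe", "explorer.exe", "rundll32.exe shell32.dll,Control_RunDLL", True),
]

if __name__ == "__main__":
    print(triage_summary(SAMPLE_EVENTS))
    for e in contextual_alerts(SAMPLE_EVENTS):
        print(f"ALERT host={e.host} user={e.user} parent={e.parent} score={context_score(e)}")
```

Run on the sample, the naive rule raises six alerts, five of them harmless; the contextual rule raises one, the PowerShell launched from Word with a hidden window and an encoded command. The point is not the particular weights but that the same event stream yields a short list of incidents only when parent process, user type and arguments are evaluated together rather than the image name alone.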

Sounds almost too good to be true, but it’s possible with F-Secure Rapid Detection & Response, which uses our innovative Broad Context Detection technology to home in on the incidents that matter. Rapid Detection & Response is trained by our industry-leading experts for the perfect combination of man and machine working to protect your business.

You can see how this all works in our infographic, “Incident Detection in a Nutshell.”